Twitter blames website upgrade for re-introducing XSS hole

Twitter said it identified and fixed the cross-site scripting flaw that led to meltdown on Tuesday a month ago, only to undo this fix with a later web site update. The revamp - which reintroduced a flaw that meant JavaScript could be injected into Tweets - was unrelated to the recent introduction of New Twitter. The cross-site …

COMMENTS

This topic is closed for new posts.

Cross?

Why is this referred to as 'cross-site' scripting a lot, there's only one site involved?


Six hours to fix an XSS flaw?

SIX hours? To block JavaScript from tweets, considering they've done it before?

I call bullshit - I think all their engineers were asleep from 2am to 7am.


'Fix' is a stretch

I noticed this morning that the pop-up profile box is missing from hovering @names in tweets, so I guess they just removed all JS stuff like for a little while until they sort it properly.

I think there were some malicious variants. Some definitely attempted to compile information via DMs.


In what way was it an "attack"?

There was no signal to disrupt with the noise.

I'm sure there were some engineers on shift, but anyone with a high enough pay grade to actually make a decision about deploying a fix would be either snoozing or too busy trying to figure out how to actually make some money off of Twitter.


Er...

"creating hundreds of thousands of spam message in the process"

Isn't that business as usual for Twitter?


What's the issue?

Personally, I'd prefer watching a Rick Astley video to reading people's random inane spews on Twitter.


Leaked memo

Twitter execs to engineers: "Way to go XSS holes!" ;)
